Debian Linux@10.0 Security Vulnerabilities and Issues — Page 62 of Debian Linux@10.0 CVE List

CVE-2020-28604

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

CVE-2020-28610

CVE-2020-28612

CVE-2020-28629

CVE•added 2020/12/10 8:15 a.m.•64 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

4.3CVSS4.3AI score0.01086EPSS

CVE•added 2022/09/01 6:15 p.m.•64 views

CVE-2020-35531

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

5.5CVSS5.3AI score0.00017EPSS

CVE•added 2021/03/04 8:15 p.m.•64 views

CVE-2020-35628

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.

10CVSS9.2AI score0.00593EPSS

CVE•added 2021/08/30 6:15 p.m.•64 views

CVE-2020-35635

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which ...

10CVSS9.1AI score0.00172EPSS

CVE•added 2021/08/23 2:15 a.m.•64 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate s...

7.5CVSS7.3AI score0.00254EPSS

CVE•added 2021/08/18 1:15 p.m.•64 views

CVE-2021-21855

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00306EPSS

CVE•added 2021/11/05 6:15 p.m.•64 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

9.8CVSS9.2AI score0.00245EPSS

CVE•added 2021/09/01 3:15 p.m.•64 views

CVE-2021-39847

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS7.7AI score0.00507EPSS

CVE•added 2023/03/01 3:15 p.m.•64 views

CVE-2023-24757

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00017EPSS

CVE•added 2017/12/13 10:29 p.m.•63 views

CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

5.5CVSS6.1AI score0.00167EPSS

CVE•added 2020/04/15 4:15 p.m.•63 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.

9.8CVSS9.1AI score0.00472EPSS

CVE•added 2022/04/18 5:15 p.m.•63 views

CVE-2020-28625

CVE•added 2022/04/18 5:15 p.m.•63 views

CVE-2020-28628

CVE•added 2021/03/04 8:15 p.m.•63 views

CVE-2020-35636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to cod...

10CVSS9.3AI score0.00116EPSS

CVE•added 2021/08/18 1:15 p.m.•63 views

CVE-2021-21847

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer ...

8.8CVSS8.8AI score0.00298EPSS

CVE•added 2021/07/22 6:15 p.m.•63 views

CVE-2021-35063

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."

7.5CVSS7.3AI score0.00902EPSS

CVE•added 2021/12/22 7:15 p.m.•63 views

CVE-2021-40394

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file...

10CVSS9.4AI score0.00556EPSS

CVE•added 2022/07/18 12:15 a.m.•63 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authen...

9.8CVSS9.6AI score0.00352EPSS

CVE•added 2022/08/25 3:15 p.m.•63 views

CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

7.5CVSS7.5AI score0.01458EPSS

CVE•added 2022/09/19 9:15 p.m.•63 views

CVE-2022-28201

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

4.4CVSS5.6AI score0.00034EPSS

CVE•added 2022/08/10 6:15 a.m.•63 views

CVE-2022-31780

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00214EPSS

CVE•added 2022/09/15 3:15 p.m.•63 views

CVE-2022-38855

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/09/15 3:15 p.m.•63 views

CVE-2022-38865

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00034EPSS

CVE•added 2019/11/22 5:15 p.m.•62 views

CVE-2012-0812

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities

6.1CVSS6AI score0.00579EPSS

CVE•added 2019/12/30 8:15 p.m.•62 views

CVE-2012-5476

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

5.5CVSS5.6AI score0.00146EPSS

CVE•added 2019/11/05 2:15 p.m.•62 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS

CVE•added 2020/05/27 6:15 p.m.•62 views

CVE-2020-10936

Sympa before 6.2.56 allows privilege escalation.

7.8CVSS7.6AI score0.00098EPSS

CVE•added 2021/05/27 6:15 p.m.•62 views

CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.00488EPSS

CVE-2020-28602

CVE-2020-28605

10CVSS9.2AI score0.00306EPSS

CVE-2020-28617

CVE-2020-28633

CVE•added 2020/12/15 6:15 p.m.•62 views

CVE-2020-29485

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerab...

5.5CVSS6.4AI score0.00063EPSS

CVE•added 2020/12/18 8:15 a.m.•62 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there i...

5.3CVSS5.9AI score0.00552EPSS

CVE-2020-35629